Optical media protection driver

ABSTRACT

A method to protect content within protected data areas on a target optical record carrier against unauthorized reading and/or copying with a computer, comprises the steps of—determining whether a target optical record carrier or a non-target optical record carrier is inserted into a drive of the computer, and—in case a target optical record carrier is inserted into the drive of the computer—modifying read requests to the protected data areas so that no data is read or the read data is useless, and/or—modifying write commands in respect to the data within the protected data areas to a recordable record carrier or other storage so that the written data is useless.

The present invention relates to a method to protect content withinprotected data areas on a target optical record carrier againstunauthorized reading and/or copying with a computer, and an opticalrecord carrier.

Optical storage carriers with information stored on one or both sideshave come to be used for a variety of purposes, most notably in themusic, games, video, and computer industry. Digital information isstored on the optical storage media in the form of pits arranged alongcircular, concentric tracks on one or on both sides of the disc. Thetrack is typically read from the inside out, but may also be read formoutside in, as it is already used for some optical storage media.

The data itself on the track is subdivided into frames, each equal inlength, containing equal amounts of information. Each frame has adedicated layout depending on the type of optical storage media (CD,DVD). Such a frame always contains the user data symbols itself but mayalso contain data for synchronization, merging data between data symbolsand error correction.

The signal on an optical storage medium itself is asynchronous, whichmeans that in the decoding process synchronization, timing information,parity data or other data has to be spied out from the signal and thesignal has to fulfil certain requirements so that it is accessible by areading device.

Due to the nature of such storage media copies can be made easily. Tocope with this situation, there exist various copy protection schemesaccording to which the data relating to the information itself and/orthe other data on the storage medium providing access information orrelating to the synchronization gets altered to prohibit digital copyingwhile accomplishing accessibility by playback devices.

Generally, these copy protection schemes prevent a playback of theinformation content on computer drives by confusing these drives atleast in respect to the access of the information content. To secure anaccess to the content, a quality reduced version of the content, whichis stored “copy protected” in a first session of the optical recordcarrier, might be provided in a computer accessible manner in a secondsession of the optical record carrier. Alternatively, the second sessionmight comprise a link to a content server to provide a computer access.Such a content server might also comprise added value, e.g. music clipsor bonus material related to the information content on the opticalrecord carrier. The access to the content stored in the second sessionand/or to the content server might be provided through an executablefile that automatically starts after the copy protected optical recordcarrier is inserted into the computer drive.

In view of the above, it is the object underlying the present inventionto provide an improved system to protect content within protected dataareas on a target optical record carrier against unauthorized readingand/or copying with a computer.

According to the present invention, this object is solved by a method toprotect content within protected data areas on a target optical recordcarrier against unauthorized reading and/or copying with a computer asdefined in independent claim 1. Preferred embodiments of the methodaccording to the present invention are defined in the respectivedependent claims. A computer program product according to the presentinvention is defined in claim 12, a computer readable storage meansaccording to the present invention is defined in claim 13, and anoptical record carrier according to the present invention is defined inclaim 14.

The method to protect content within protected data areas on a targetoptical record carrier against unauthorized reading and/or copying witha computer according to the present invention comprises the steps of

-   -   determining whether a target optical record carrier or a non        target optical record carrier is inserted into a drive of the        computer, and    -   in case a target optical record carrier is inserted into the        drive of the computer        -   modifying read requests to the protected data areas so that            no data is read or the read data is useless, and/or        -   modifying write commands in respect to the data within the            protected data areas to a recordable record carrier or other            storage so that the written data is useless.

Therewith, according to the present invention a copy protection isprovided that works on a different level in respect to the known copyprotection schemes, since, according to the present invention, not thecontent to be protected or information relating thereto or to secure theaccess to the information is altered. Therefore, this scheme allows fullaccessibility to existing playback devices other than computer drives.On the other hand, computers on which the method according to thepresent invention is provided cannot access and/or copy target opticalrecord carriers, i.e. such optical record carriers that are copyprotected according to the present invention, since the read requestsand/or write commands are modified so that the data in the protectedareas, i.e. specially designated areas, e.g. an audio session of a CD,is read and/or written to be useless data.

It is self-evident that according to the present invention a targetoptical record carrier is somehow distinguishable from a non-targetoptical record carrier and that the method according to the presentinvention has somehow to be implemented in the used computer.

In the method according to the present invention, preferably themodifying of read requests and/or of write commands is performed only incase no authentication is available.

This scheme widens the concept of not allowing any computer readingand/or writing so that a user with authentication can fully access theprotected content with a computer. Provisions might also be given thatsuch accessed content might not be accessible by a computer from a copythereof, since the copy might be indicated to be not accessible by acomputer. Also, it is possible to produce a copy to which a differentauthentication might provide access. In this way also the number of‘child levels’ of an original might be defined, i.e. the number oflevels that allow a copy, e.g. only an original and a direct copythereof allow copying with a respective authentication.

In a preferred embodiment of the present invention, the determining andmodifying steps are performed by routines implemented into a drivecontrol layer within the computer.

This allows the implementation of the inventive method into a computerwithout having to reboot the computer, which would be annoying for auser, because the reboot usually takes a time. The drive control layeris generally a layer that controls the computer drive, e.g. a SCSIlayer.

In this preferred embodiment, preferably the routines

-   -   replace a dispatch routine and a completion routine, and    -   have the functionality to perform the determining and modifying        steps and to call the replaced dispatch and completion routines        for their execution based on the original or modified read        requests and/or write commands.

These features allow that e.g. by default the behaviour of the operatingsystem of the computer is not changed by the implementation of thepresent invention. Further, also the basic functionality of thisoperating system in respect to the ‘replaced’ routines might be used bycalling them with modified parameters to avoid replacement thereof,which prevents the occurrence of unwanted system failures.

Alternatively or additionally, in this embodiment, preferably theroutines are implemented by a driver that gets installed by anexecutable that gets automatically started when a target optical recordcarrier is inserted into the drive.

This procedure allows the use of the computer driver technology afterthe driver is installed at least once. Therewith, the installed drivermight be automatically loaded after each new start of the computer sothat other target optical record carriers that do not comprise theexecutable are copy protected according to the method according to thepresent invention. Of course, it is possible to install the driver inany other way on the computer, e.g. through a different application whenthe user is executing this different application on the computer, whilethe user is accessing an internet server, or with the installation ofthe operating system of the computer.

Preferably, the driver

-   -   gets automatically loaded after each start of the computer,        and/or    -   does not comprise an unload routine, and/or    -   changes its name randomly, and/or    -   comprises filetimes that are set randomly, and/or    -   comprises code that is changed randomly, and/or    -   is installed multiple times, but is only one time active, and/or    -   can be installed by installation programs spread all over the        computer's system.

These features of the driver according to the present invention aim tomake the driver resident and not easy to remove within the operatingsystem computer so that after a first installation preferably no secondinstallation is needed, but the copy protection scheme according to thepresent invention is permanently available on the particular computer.Therewith, also target optical record carriers are copy protected thatdo not bring the implementation of the copy protection according to thepresent invention with them, e.g. old target optical record carriers.These target optical record carriers just need to have theidentification features that identify a target optical record carrier tobe applicable to the copy protection according to the present invention.

Alternatively or additionally preferably the driver comprises acommunication interface to allow an exchange of control data and/orauthentication data.

This communication interface might be used to indicate protected areason a target optical record carrier, to communicate authentication datato the driver, and/or to establish a communication among differentinstalled drivers according to the present invention to achieve thatonly one of them is active. The communication via the communicationinterface is preferably encrypted.

According to the present invention a target optical record carrier mightbe distinguished from a non target optical record carrier by evaluating

-   -   a predetermined session of the optical record carrier in respect        to special modifications, and/or    -   at least one of the tables of contents of the optical record        carrier in respect to special entries, and/or    -   a predetermined session of the optical record carrier in respect        to special subcode modifications, and/or    -   predetermined data stored on the optical record carrier in        respect to a watermark.

Therewith, according to the present invention a target optical recordcarrier might simply carry a special sign that classifies it as a targetoptical record carrier. However, also more sophisticated features mightbe used, e.g. every record carrier that comprises a copy protection ofsome kind might be classified as a target optical record carrier orrecord carriers that comprise a particular special copy protection orthat comprise an indication identifying a particular disc label, . . . .Therewith, according to the present invention predetermined ‘cracked’copy protection schemes can be re-activated or predetermined opticalrecord carriers that are identifiable by their content might be‘equipped’ with a copy protection even after their delivery and selling.

According to the present invention, preferably a protected data area isidentified on basis of

-   -   a sector type, and/or    -   a range of sectors, and/or    -   sectors that are subject of specific read sequences.

Therewith, according to the present invention a protected data area mustnot be static for a particular target optical record carrier, but canalso be dynamic, e.g. based on certain accessing characteristics, e.g.in case the access of a disc cloning program or a ripping program isdetected.

According to the present invention, preferably a protected data area isdefined by

-   -   at least one predetermined area, and/or    -   data stored on the optical record carrier itself.

The predetermined data area might be fixed, e.g. always the audiosession or predetermined range of sectors, or variable. A variablepredetermined data area might be indicated to the driver through itscommunication interface. The driver can also derive a variablepredetermined data area from the target optical record carrier, e.g. onbasis of its table of contents or on basis of a list that is stored onthe target optical record carrier.

According to the present invention, preferably the modifying of readrequests so that the read data is useless, and/or the modifying of writecommands so that the written data is useless comprises

-   -   to abort a corresponding IO Request and/or IO Command with an        error, and/or,    -   to complete the corresponding IO Request and/or IO Command, but        without processing the actual request and/or command, and/or    -   to modify the respective data so that it is useless.

The modification of data so that it is useless might include thereplacement of data with arbitrary or predetermined values so that e.g.the play of a copied audio CD is disturbed or that a comment is giventhat no original is reproduced.

The computer program product according to the present inventioncomprises computer program means adapted to perform the method steps asset-out above when being executed on a computer, digital signalprocessor, or the like.

The computer readable storage means according to the present inventioncomprises a computer program product according to the present invention.

The optical record carrier according to the present invention comprisesan executable that gets automatically started when the optical recordcarrier is inserted into the drive and that

-   -   performs the method steps as set-out above when being executed        on a computer, digital signal processor, or the like, and/or    -   installs a driver that performs the method steps as set-out        above when being executed on a computer, digital signal        processor, or the like.

In other words, the optical record carrier comprises an executable thatmight directly and/or indirectly implement the method according to thepresent invention.

As indicated above, according to the present invention, the opticalrecord carrier is preferably a multi-session CD that comprises an audiosession and a data session with the executable that preferably has anautostart functionality. However, the autostart functionality is notmandatory.

All different aspects of the present invention as set-out above andfurther elucidated below might be combined in any way. The accompanyingdrawings, which are incorporated in and constitute a part of thisspecification, illustrate an exemplary embodiment of the invention and,together with a general description of the invention given above, andthe detailed description of the embodiment given below, serve to explainthe principles of the invention, wherein:

FIG. 1 shows a simplified scheme of the processing of an IO request in amulti layered driver model according to the present invention,

FIG. 2 shows a rough structure of a modified SCSI command used for thecommunication interface according to the present invention,

FIG. 3 shows a simplified scheme of the processing of an IO request in amulti layered driver model according to the prior art, and

FIG. 4 shows a rough structure of a SCSI command according to the priorart.

According to the following exemplary embodiment of the present inventionoptical media of specially marked discs (target discs) are protectedagainst illegal reading and/or copying. For this protecting of contenton optical media (e.g. CD, DVD . . . ) against illegal reading a disccontaining data in a standard fileformat (ISO, UDF . . . ), readable byoperating systems (e.g Windows) is used (called data session). Besidethe data session the disc can have any number of other sessions nomatter, which type.

At least the following parts are included in the data session:

-   -   Specially modified software (called EXE in the following). This        EXE is typically a startup menu.    -   Enabled autoplay, which starts the EXE after the optical media        was inserted into the drive.

When the EXE is launched, either after a medium was inserted (autoplay)in the drive or by a user starting it manually, it will extract andinstall a specially designed filter driver (called driver in thefollowing) which performs the following tasks:

-   -   Distinguishing between target discs, which are intended to be        protected, and non target discs.    -   Modifying specific SCSI read requests to the target disc's        protected data areas in a way that makes the read data useless.

Also, write commands directed to writing such data that relates to thetarget disc's protected data to a recordable disc or to another memorymight be modified in a way that makes the written data useless. The datathat relates to the target disc's protected data might be identified bya watermark or other suitable mechanisms.

As the standard way of implementing and applying filter driver forces areboot of the operating system, a particular and specific filteringmethod is used.

FIG. 3 shows a simplified scheme how an IO request is processed in amulti layered driver model as e.g. used in Windows operating systems.Marked with {circle around (1)} is the call of the Dispatch Routine ofevery layer by an IO Manager, starting with layer 1. The last layer isaccessing the physical device, which is marked with {circle around (2)}.After the physical device is finished, the IO Manager calls theCompletion Routine of every layer, starting with the last one, which ismarked with {circle around (3)}. After the first layers completionroutine has completed the IO Request is finished, which is marked with{circle around (4)}.

According to the exemplary embodiment of the present invention, thedriver searches for the SCSI layer and inserts its own routines DHR(Dispatch Hook Routine) and CHR (Completion Hook Routine) instead of theoriginal Dispatch and Completion Routines, as it is indicated in FIG. 1.DHR as well as CHR call their original counterparts, i.e. the originaldispatch routine and the original completion routine, so that by defaultthe behaviour of the system is not changed through the injection of thehook routines.

In particular, FIG. 1 elucidates how the driver is able to keep track ofevery SCSI command sent to a CD/DVD device by inserting the Dispatch andthe completion Hook routines into the SCSI layer. Marked with {circlearound (5)} is that the Dispatch Routine of the SCSI layer is replacedwith a Dispatch hook routine of the driver. This routine calls theoriginal Dispatch Routine. Marked with {circle around (6)} is that theCompletion Routine of the SCSI layer is replaced with a Completion HookRoutine of the driver. This routine calls the original CompletionRoutine.

So that the driver is able to keep track of every SCSI request, which issent to a CD/DVD drive by using DHR and CHR, the following tasks areperformed inside DHR and CHR:

-   -   Distinguishing target discs from non target discs.    -   Carry out modifications if a target disc was properly        identified.    -   Handling CCI requests (Covert Communication Interface)

To distinguish between target and non target discs the followingcriteria are used in any combination:

-   -   Special modifications in the 2^(nd) session.    -   Special TOC entries.    -   Special subcode modifications (either in the 1st or the second        session).    -   Watermark in the (audio) data

The protected data is part of the target disc. The following criteriamight be used to identify protected data areas on a target disc:

-   -   Sector type, which means all sectors of a specified type (CDDA,        Mode 1, . . . ) are part of the protected data area.    -   Range of sectors, wherein a protected data area can be defined        by specifying a start- and an endsector.    -   Detecting specific read sequences, e.g. sequential reads, which        are typical for disc cloning and ripping programs, are detected        and all further read requests are denied.

The protected data area can be either protected:

-   -   Totally, which means that no read request to the protected area        is allowed. No matter, which application performs the request.    -   Disengageable, which means that trusted applications can        authenticate themselves by sending authentication data via the        CCI (Covert Communication Interface), which enables only the        authenticated process to read the protected data.

So one or multiple protected data areas can be specified with the abovecriteria in any combination.

The protected data areas can be defined by:

-   -   the driver (hardcoded in the driver program code)    -   data stored on the disc    -   combination of both

If a target disc was properly identified, the following modificationsmight be done to SCSI read requests, which try to read protected data:

-   -   The IO Request is aborted (completed) with an error.    -   The IO Request is completed with STATUS_SUCCESS, without        processing the actual read.    -   The read data is modified, so that it is useless.

To protect the driver against removal from the system one or more of thefollowing measures might be taken

-   -   The driver can not be unloaded, because it does not have an        “Unload routine”.    -   The driver name changes randomly        -   The installation process chooses a random name (done by            EXE).        -   The driver changes its name during system runtime and/or            during system shutdown randomly.    -   The driver filetimes (creation time, last access time and last        write time) are set randomly during the installation sequence        (done by EXE) and/or during runtime.    -   The driver program code is changed randomly (without changing        its functionality) during the installation sequence. (done by        EXE).    -   The driver installs itself multiple times and except one all        other instances of the driver are inactive.        -   There is a covert and protected communication interface            between the drivers to check if there is already an active            driver instance running.        -   If a driver detects another one already running, it will set            itself inactive.    -   Spread driver installation programs (hidden) all over the        system.

In the following the Covert Communication Interface (CCI) according tothe present invention is described, which is used for allowing softwareto communicate with the driver, e.g. for authentication, and/or allowingdrivers to communicate with each other, e.g. in case multiple instancesof a driver are installed.

SCSI commands are used to send and receive data to and from the driver(piggy back). FIG. 4 shows the rough structure of a SCSI command, whichconsists of a CDB, i.e. SCSI Command Descriptor Block, and, if the sentcommand requires it, a data buffer as well. Depending on the CDB theData buffer could be used for storing read data (read command), or asdata source if a write command is executed. The bufferlength can be avalue >=0 also depending on the CDB

According to the exemplary embodiment of the present invention, forcommunication purposes a larger datablock as required for the SCSIcommand is attached to the SCSI command to generate a modified SCSIcommand for use for the covert communication interface (CCI), as shownin FIG. 3. The data buffer area which is not needed for the SCSI commandwill in the following be named as DBE (Data buffer extension).

The DBE is used for CCI and contains information, which is detected andevaluated by the driver and the driver will place possible return valuesin the DBE as well.

The content of the DBE is encrypted by the sender and decrypted by thedriver. If the driver places return values in the DBE it will encryptthe DBE afterwards and the sender will decrypt the DBE again.

All SCSI commands are applicable, i.e. commands, which do not need adata buffer themselves, are particulary suitable to be used for CCI(e.g. Test Unit Ready), because they are easy to handle. Self definedSCSI commands could be used as well.

To easily install the driver, according to the exemplary embodiment ofthe present invention a driver installation sequence gets injected in anexecutable. This is used to add the code, which is extracting andinstalling the driver to any executable (called Target.exe in thefollowing). Therefore, the following tasks are performed:

-   -   Create a dynamically loadable library file (e.g DLL for Windows        operating systems).        -   Containing the driver.        -   Implements and forwards the interface of a dynamically            loadable library (called target library) which is used by            Target.exe. (e.g Kernel32.dll on Windows operating systems)        -   Contains a startup routine, which is called when the library            is loaded. (DllMain routine in DLLs on Windows operating            systems). This startup routine extracts and installs the            driver.        -   The library can have any name, but the length of the name            should not be longer then the name of the target library. To            ease explaination it is called Inject.dll.    -   An executable contains a list of all dynamically loadable        libraries (called import list), which are used.    -   When an executable is started every library listed in the import        list is loaded and its startuproutine is executed.    -   The name of the target library (e.g Kernel32.dll) in the import        list of Target.exe is replaced with the name of Inject.dll.

So when Target.exe is executed Inject.dll is loaded as well and itsstartuproutine is executed, which extracts and installs the driver.

The invention claimed is:
 1. A method for protecting content withinprotected data areas on a target optical data medium againstunauthorized copying with a computer, comprising: determining whether anoptical data medium inserted into a drive of the computer is the targetoptical data medium or a non-target optical data medium, wherein thetarget optical data medium is a data medium protected againstunauthorized copying with a computer, and when the inserted optical datamedium is the target optical data medium, modifying read requests to theprotected data areas so that either no data is read or the read data ismodified, and/or modifying write commands in respect to the data withinthe protected data areas to a recordable data medium or other storage sothat the written data is modified to be useless, wherein the determiningand modifying steps are performed by a driver installed on the computer,and wherein the modifying of read requests and/or write commands isperformed only when no authentication of the computer is available.
 2. Amethod according to claim 1, wherein the determining and modifying stepsare performed by routines implemented into a drive control layer withinthe computer.
 3. A method according to claim 2, wherein the routinesreplace a dispatch routine and a completion routine, and have thefunctionality to perform the determining and modifying steps and to callthe replaced dispatch and completion routines for their execution basedon the original or modified read requests and/or write commands.
 4. Amethod according to claim 2, wherein the routines are implemented by thedriver that is installed by an executable that is automatically startedwhen a target optical data medium is inserted into the drive.
 5. Amethod according to claim 4, wherein the driver is automatically loadedafter each start of the computer, and/or does not comprise an unloadroutine, and/or changes its name randomly, and/or comprises filetimesthat are set randomly, and/or comprises code that is changed randomly,and/or is installed multiple times, but is only one time active, and/orcan be installed by installation programs spread all over the computer'ssystem.
 6. A method according to claim 4, wherein the driver comprises acommunication interface to allow an exchange of control data and/orauthentication data.
 7. A method according to claim 1, wherein a targetoptical data medium is distinguished from a non target optical datamedium by evaluating a predetermined session of a optical data medium inrespect to special modifications, and/or at least one of the tables ofcontents of the optical data medium in respect to special entries,and/or a predetermined session of the optical data medium in respect tospecial subcode modifications, and/or predetermined data stored on theoptical data medium in respect to a watermark.
 8. A method according toclaim 1, wherein a protected data area is identified on basis of asector type, and/or a range of sectors, and/or sectors that are subjectof specific read sequences.
 9. A method according to claim 1, wherein aprotected data area is defined by at least one predetermined area,and/or data stored on the optical data medium itself.
 10. A methodaccording to claim 1, wherein the modifying of read requests so that theread data is modified to be useless, and/or the modifying of writecommands so that the written data is modified to be useless comprisesaborting a corresponding IO Request and/or IO Command with an error,and/or completing the corresponding IO Request and/or IO Command, butwithout processing the actual request and/or command, and/or modifyingthe respective data so that it is modified to be useless.
 11. A methodaccording to claim 1, wherein the modifying of read requests and/orwrite commands is performed only if no authentication of the computer ashaving full access to the content within the protected areas isavailable.
 12. A method according to claim 1, wherein the modifying ofread requests and/or write commands is performed only if noauthentication of a user of the computer as having full access to thecontent within the protected areas is available.
 13. A non-transitorycomputer readable storage medium including computer executableinstructions, which when executed by a processor, cause the installationof a driver on the non-transitory computer readable storage medium whichperforms a method comprising: determining whether an optical mediuminserted into a drive of the computer is a target optical data medium ora non-target optical data medium, wherein the target optical data mediumis a data medium protected against unauthorized copying with a computer,and when the inserted optical data medium is the target optical datamedium, modifying read requests to protected data areas of the targetoptical data medium so that either no data is read or the read data ismodified to be useless, and/or modifying write commands in respect todata within protected data areas to a recordable data medium or otherstorage so that the written data is modified to be useless, wherein themodifying of read requests and/or write commands is performed only whenno authentication of the computer is available.
 14. An optical datastorage medium including protected areas and computer executableinstructions, wherein when the optical data storage medium is insertedinto a drive of a computer, the computer executable instructions causethe installation of a driver on the computer which identifies theoptical data storage medium as a target optical data medium which isprotected against unauthorized copying with a computer and performs amethod comprising: modifying read requests to protected data areas ofthe target optical data medium so that either no data is read or theread data is modified to be useless, and/or modifying write commands inrespect to data within protected data areas to a recordable data mediumor other storage so that the written data is modified to be useless,wherein the modifying of read requests and/or write commands isperformed only when no authentication of the computer is available. 15.An optical data storage medium according to claim 14, wherein thecomputer executable instructions are arranged in a data session of amulti-session CD that also comprises an audio session.
 16. A method forprotecting content within protected data areas on a target optical datamedium against unauthorized copying with a computer, comprising:determining whether an optical data medium inserted into a drive of thecomputer is the target optical data medium or a non-target optical datamedium, wherein the target optical data medium is a data mediumprotected against unauthorized copying with a computer, and when theinserted optical data medium is the target optical data medium,modifying read requests to the protected data areas so that either nodata is read or the read data is modified, and/or modifying writecommands in respect to the data within the protected data areas to arecordable data medium or other storage so that the written data ismodified to be useless, wherein the determining and modifying steps areperformed by routines of a driver implemented into a drive control layerwithin the computer, wherein the routines replace original routines ofthe drive control layer, and wherein the modifying of read requestsand/or write commands is performed only when no authentication of thecomputer is available.
 17. A method for protecting content withinprotected data areas on a target optical data medium againstunauthorized copying with a computer, comprising: determining whether anoptical data medium inserted into a drive of the computer is the targetoptical data medium or a non-target optical data medium, wherein thetarget optical data medium is a data medium protected againstunauthorized copying with a computer, and when the inserted optical datamedium is the target optical data medium, modifying read requests to theprotected data areas so that either no data is read or the read data ismodified, and/or modifying write commands in respect to the data withinthe protected data areas to a recordable data medium or other storage sothat the written data is modified to be useless, wherein the determiningand modifying steps are performed by a driver installed on the computer,wherein the driver is installed by an executable that is automaticallystarted when a target optical data medium is inserted into the drive,and wherein the modifying of read requests and/or write commands isperformed only when no authentication of the computer is available.